Date: 2004-12-06T18:53:21
Editor: AlexKarasulu <[EMAIL PROTECTED]>
Wiki: Apache Directory Project Wiki
Page: EveGeneral
URL: http://wiki.apache.org/directory/EveGeneral

no comment

Change Log:

------------------------------------------------------------------------------
@@ -4,15 +4,14 @@ == Out-of-the-box Authentication == -* Eve's super-user (uid=admin,ou=system) is created on the first start and has its userPassword field set to "secret". + * Eve's super-user (uid=admin,ou=system) account is created on the first start and has its userPassword field set to "secret". It's created when the system partition is created. From here on its up to the administrator to change this password. No other user besides admin has access to the superuser's entry. -* Another test user uid=akarasulu,ou=users,ou=system is created on first startup and has password "test". - -* Any user entry that has the userPassword attribute set can be authenticated. The user need not be under ou=users, ou=system. - -* There are advantages to creating users under ou=users, ou=system. First the user is available regardless of the context partitions that are created. The user also is protected by some hardcoded authorization rules within the system. Namely only self read is possible for all users on their own accounts. Users cannot see the credentials of others minus the super-user of course. This is an intermediate hardcoded authorization rule set until the authorization subsystem matures. + * Another test user account uid=akarasulu,ou=users,ou=system is created on first startup and has password "test". Use it to play. + * Any user entry that has the userPassword attribute set can be authenticated. The user need not be under ou=users, ou=system. + * There are advantages to creating users under ou=users, ou=system. First the user is available regardless of the context partitions that are created. The user also is protected by some hardcoded authorization rules within the system. Namely only self read is possible for all users on their own accounts. Users cannot see the credentials of others minus the super-user of course. This is an intermediate hardcoded authorization rule set until the authorization subsystem matures. 
+ * By default, anonymous binds are allowed both via JNDI interfaces and via LDAP based network clients. So the server will start and work without any initial configuration. The presence of the ""eve.disable.anonymous"" property key disables anonymous user access on both interfaces (JNDI and LDAP).
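Review bot: The added anonymous-bind bullet says the presence of the eve.disable.anonymous property key disables anonymous access, but it does not say where that key is set or whether its value is checked, so a reader cannot tell how to turn the default off; please state both. The same section now documents three open defaults together (admin with password "secret", the test account with password "test", and anonymous binds allowed), and the added sentence "Use it to play." on the test-account bullet gives no matching advice to change or remove that account, unlike the admin bullet. I would add that advice there and point to the disable property from the anonymous-bind bullet as the step to take before the server is reachable by others. Minor: in the added admin line, "its up to the administrator" should read "it's up to the administrator".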
